I think I'm confused. just received this advice in an email from Mircosoft:

IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.

How does moving from a culture of blindly clicking on links to blindly cut&pasting said links help protect against phishing??? Oh, and the 'as described above? is a long and confusing URL....

I think you are right there Bill. That may very well be the thought process behind it. Though, wouldn't it make more sense to not go there in the first place? Good defense is always trumped by dumb user.

What's even scarier is that tactic fails to prevent many common phishing tactics. For instance, using a domain name that looks like the target in specific fonts (substituting 1's for lower case L's for instance) or misspelled domain names. Not to mention that if a link spans multiple lines and it's sometimes tough for users to cut and paste the whole thing. Microsoft needs to do their security reading (http://people.seas.harvard.edu/~rachna/ ... _works.pdf) first before issuing statements like this